On 1/18/2017 12:08 AM, Ron Frederick wrote:
Right - when I set mutual_auth, it does have a token to send in this case, and after that both sides are complete. I agree that the code appears like it would handle multiple tokens on both sides as well, which might be useful if this code is ever used with something other than Kerberos. My implementation also supports this.
Well, there are other SSH mods to work with other GSS-API implementations. The mods are mostly for handling the delegated credentials. http://toolkit.globus.org/toolkit/docs/5.0/5.0.4/security/openssh/pi/ https://github.com/globus/gsi-openssh uses X509 via TLS and delegates X509 proxy certificates. -- Douglas E. Engert <DEEngert@xxxxxxxxx> _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
